> On Mon, 13 Oct 2014 17:30:58 +0200
> Andreas Ladanyi <andreas.lada...@kit.edu> wrote:
>> On my old system from which i migrated the users/group accounts uses
>> the Kerberos own DB without LDAP for the principals.
>> I could dump the master key :
>> kdb5_util dump filename K/M@REALM
>> Now i have a lot of numbers in the dumpfile. Which number belongs to 
>> which LDAP attribute in the (test) FreeIPA 389 LDAP System (Simon
>> called it a throwaway system :-) )
>> I dont know the data structure of the KRB own DB.
> And you shouldn't really care, you should use the kdb5 utils to load
> back the dumped DB, provided you first create all users and hosts and
> services via the freeipa tools.
> Simo.

Ok, i dumped the kerberos DB with kdb5_util and get the dumped file with
all principals.

So now if i unterstand you correctly, if have to create all users/group/service 
principals with the freeipa tools first ?

How can i import the dumped principals in to the 389 LDAP ? I cant see any 
options in the kdb5_ldap_util to import the principals and hashes from the 
dumped KRB DB file to 389 LDAP ?


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to